DoD News

News Article

Cybersecurity Must Balance ‘Need to Know’ and ‘Need to Share’

By Jim GaramoneAmerican Forces Press Service

WASHINGTON, Dec. 9, 2010  Commanders in the field understand the advantage that comes from sharing intelligence and information and they do not want to give up that capability, the deputy assistant secretary of defense for cyber and space policy said in an interview here today.

Robert J. Butler said sharing information within the military, with coalition partners and even with outside agencies will continue, but there will be more controls placed on the information.

The WikiLeaks posting of stolen classified information has highlighted the tension between the strategy of “share to win” and the necessity to enforce “need to know.”

Share to win refers to the idea of getting information and intelligence out to the personnel who need it.

“Commanders in the field recognize … it’s really about coalition war-fighting, and it’s about sharing information with partners,” Butler said. This is true whether the military is involved in humanitarian operations or warfighting.

Sharing information can range from the intelligence and information sharing the United States has with traditional military allies to non-governmental agencies.

“They are part of the fight, they are part of the recipe for success,” Butler said.

Need to know is the shorthand for how the department thinks about security, Butler said. “It’s about how information is shared, who has the information, for what purposes and for what period of time,” he said.

Butler does not see share to win and need to know as mutually exclusive. “We need to share information to win and we also have to be conscious of the need to know,” he said.

Afghanistan is an example of both concepts. There are 48 countries in the coalition under NATO’s International Security Assistance Force. The United States has the largest number of troops in the country and the largest intelligence/information-sharing network. “We share information at different levels, based on the need,” Butler said.

Information sharing networks range from local to national in Afghanistan, he said. All are governed by policies that seek to balance share to win with need to know.

“Based on our agreements with countries and their mechanisms for how they control information, we look for ways we can bridge accountability within their workforce and commanders with what we’re doing,” Butler said. “In Afghanistan, where we have a joint task force and we’re working on common objectives, it’s clear what information needs are. Those needs are transmitted down to subordinate units and those will include coalition partners with information requirements that need to be satisfied.

“We need to link the effects we want to achieve with an information-sharing approach,” he added.

The future will be more of the same, Butler said. “What I see happening is an absolute recognition that we have to share information, and at the same time recognizing an increasing challenge from the cyber threat,” he said.

DOD is taking near-term steps to address that threat. Some of those steps include examining the content on the networks and examining the tactics, techniques and procedures used. “A broader and longer-term perspective is an education program –- one that helps them understand what classification means, how information is classified,” he said. “Beyond the classification scheme, who has access to information?”

Butler also spoke about role-based access.

“You have this position, you have this mission, and we expect your access to stay open through this time,” he said. “There are re-visit decision points and there is accountability up the chain [of command].

“There are also ways to look for anomalies,” Butler continued, “so if something happens and we expect this individual to have access to this information and that person is looking at something else, that should set off a flag to look at the situation. There may be a perfectly valid reason for the anomaly. But it could be another WikiLeaks situation.”

DOD is closing the window against potential threats and potential adversaries, Butler said, through technical retro-fitting, and through educational and accountability programs.

“This is part and parcel of what it means to be a soldiers, sailor, airman or Marine in the field protecting yourself, your comrades and your entire operation,” he said.

Comments

Article is closed to new comments.

The opinions expressed in the following comments do not necessarily reflect those of the U.S. Department of Defense.

12/10/2010 11:37:50 AM
I agree with Mr. Butler's comment on education and accountability programs being the key to closing the gap between potential cyber threats and potential adversaries. This addresses the issue of insider threats, in particular, which we need further evaluation and training. As DoD personnel, it is imperative that everyone is educated on our cyber responsibilites and, as that education is applied, be held responsible for the actions we perform in cyberspace. - Marilee Philen, Offutt AFB